CMSimple_XH 1.7.1 fixes two vulnerabilities, namely that the CSRF tokens have not been cryptographically secure, and a potential information leakage in newsboxes. Furthermore, a lot of mostly minor bugs have been fixed, and updates to Pagemanager_XH 3.1 and Fa_XH 1.2 have been made.

See the changelog for details.

As usual you have the following options:

• For new installations use the full installation package!

CMSimple_XH 1.7.1.zip

SHA-256 hash: 110D4D25298810C9FB7095CA1A1BA04067AA9C9F7C95FF2E4376262E96C67658

• For updating from CMSimple_XH 1.7.0 use the update package and follow the generic update instructions! From CMSimple_XH 1.7.1 new in the update package is the file deleted_files.txt in the toplevel folder of the ZIP archive. It contains a list of files which are no longer needed. It is recommended to delete these files from the server.

CMSimple_XH-1.7.1-update-from-1.7.0.zip

SHA-256 hash: A3447DECF765EB576544756BBBDFE0A1B4ED4B9B95D5515B657E6207B0E10A82

Enjoy!